[openstack-dev] Kilo v3 identity problems
stevemar at ca.ibm.com
Wed Jun 3 19:20:27 UTC 2015
Dolph Mathews <dolph.mathews at gmail.com> wrote on 06/03/2015 02:16:55 PM:
> From: Dolph Mathews <dolph.mathews at gmail.com>
> To: "OpenStack Development Mailing List (not for usage questions)"
> <openstack-dev at lists.openstack.org>
> Date: 06/03/2015 02:17 PM
> Subject: Re: [openstack-dev] Kilo v3 identity problems
> I assume that by "v3 policy file" you're specifically referring to:
> Which essentially illustrates enforcement of a much more powerful
> authorization model than most deployers are familiar with today.
> You'll need to create and consume a domain-based role assignment,
> for example (do you have a role assigned to your user on the
> "default" domain? Are you accessing "openstack domain list" with a
> domain-scoped token?).
> Unless you're ready to experiment with that new policy model, the
> default policy file is also designed for v3 and it's behavior is
> probably what you're expecting:
> Perhaps "policy.v3cloudsample.json" is poorly named if it implies
> that it's somehow a pre-requisite to getting started with the v3 API?
++ I think so, I've had to field many questions and comments about folks
using this file when they
really just need the "usual" one.
OpenStack Keystone Core
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev